Unrated severityNVD Advisory· Published Jun 26, 2026

Debian wolfssl: The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz)…

CVE-2026-6681

Description

The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release.

Affected products

WolfSSL/Wolfsslllm-fuzzy
Range: <=5.9.0

Patches

Vulnerability mechanics

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000